Updated kvm packages that fix two security issues are now available for RedHat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

It was found that KVM's Write to Model Specific Register (WRMSR)instruction emulation would write non-canonical values passed in by theguest to certain MSRs in the host's context. A privileged guest user coulduse this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM subsystemhandled PIT (Programmable Interval Timer) emulation. A guest user who hasaccess to the PIT I/O ports could use this flaw to crash the host.(CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit forreporting the CVE-2014-3610 issue, and Lars Bull of Google for reportingthe CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. Note: The procedure inthe Solution section must be performed before this update will take effect.

4. Solution:

Before applying this update, make sure all previously released erratarelevant to your system have been applied.

The following procedure must be performed before this update will takeeffect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using"modprobe -r [module]") and reload (using "modprobe [module]") all of thefollowing modules which are currently running (determined using "lsmod"):kvm, ksm, kvm-intel or kvm-amd.